In recent years, electronic data including confidential information (hereinafter referred to as “secure data” and a confidentiality preserving application that generates or edits secure data will be called a “secured application”) has come to be handled among various devices such as personal computers, servers, output devices and input devices over a network. Consequently, there are increasing chances of secure data leaking to the outside world, e.g., printing out of secure data from an output device, saving of secure data to a personally managed personal computer or to a USB storage, or taking out of such saved data.
Since it is extremely difficult to identify a path of leaking once secure data is taken out, grater importance is placed on document management techniques (security management techniques) as means for preventing information leakage and various efforts have been made.
Such efforts include various system management techniques so far proposed, such as one that encrypts secure data itself and permits only those who have access right to the encrypted secure data, one that encrypts data transmitted on a network and has a sender and a receiver share a decryption key, and one that manages access to a printing apparatus itself with a user ID or password and enables printing only when the user is authenticated.
However, as such system management techniques are local processing (i.e., security management for implementing partial processing in a system), there are also efforts for applying exhaustive security management by combining various systems (security management techniques) to supplement the locality. In such a system, however, increased burden is placed on one who sets access right, and also it is difficult for an access right owner to completely prevent information leakage due to occurrence of security holes that can result from incidental omission in access right setting.
To address such problems, a mechanism (security management technique) called secure document system has gained attention in which a security management server centrally manages secure data handled on personal computers (PCs) and input/output devices that are connected to a network.
A feature of the secure document system is that it has a database for storing encrypted secure data and a security management server for performing access right management, and that a PC or an input/output device connected to a network has to be authenticated by the security management server before being able to access the encrypted secure data.
In a secure document system, PCs and input/output devices need to be connected to a security server because authentication by the security management server is essential to access encrypted secure data. Even if secure data is taken outside the network, no access can be made to the secure data because authentication by the security management server cannot be obtained. In addition, in the secure document system, a security management server can collectively manage all access conditions and access history of PCs, applications, or input/output devices that access the secure data.
However, the secure document system has a problem in that, when new data other than secure data (data partially including secure data) is generated by obtaining image data and the like with print screen function (i.e., function of hard-copying a display screen) of a PC that accessed secure data and inserting or attaching the image data to data other than secure data, access restriction does not work for the resulting data and the data is not covered by management of the secure document system.
As a technique for managing security of data that includes copy of secure data, there has been proposed a technique that adds a copy-forgery-inhibited pattern to data that partially includes secure data, such as one disclosed by Japanese Patent Laid-Open No. 2002-84413, where tampering can be detected from modification of the copy-forgery-inhibited pattern. With the technique of Japanese Patent Laid-Open No. 2002-84413, however, utilization of print screen function is practically restricted, and data that is generated by inserting/attaching an image obtained with print screen function that should be intrinsically protected to data other than secure data is excluded from security management. Security management by the technique of Japanese Patent Laid-Open No. 2002-84413 has a problem in that utilization of print screen function is restricted and thus convenience for users is significantly limited.